PT-2020-2341 · Microsoft · Windows Background Intelligent Transfer Service+1

Divintzero

Published

2020-05-12

Updated

2020-05-29

CVE-2020-1112

CVSS v3.1

9.9

Critical

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Windows Background Intelligent Transfer Service (BITS) (affected versions not specified)

Description The issue is related to the improper handling of uploaded content by the Windows Background Intelligent Transfer Service (BITS) IIS module, which can lead to an elevation of privilege. This is due to insufficient input validation, allowing a remote attacker to potentially exploit the vulnerability using a specially crafted application, thereby gaining elevated privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Unrestricted File Upload

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434CWE-20

Related Identifiers

BDU:2020-02309

CVE-2020-1112

Affected Products

Windows

Windows Background Intelligent Transfer Service

PT-2020-2341 · Microsoft · Windows Background Intelligent Transfer Service+1

CVE-2020-1112

Weakness Enumeration

Related Identifiers

Affected Products

References · 6